Subject: Re: newsyslog and script execution instead of sending signal to process
To: Brett Lymn <firstname.lastname@example.org>
From: Luke Mewburn <lukem@NetBSD.org>
Date: 07/18/2007 12:29:34
Content-Type: text/plain; charset=us-ascii
On Mon, Jul 16, 2007 at 04:55:34PM +0930, Brett Lymn wrote:
| On Mon, Jul 16, 2007 at 02:49:29AM -0400, Greg A. Woods wrote:
| > It's extremely inelegant to have newsyslog invoking other programs,
| > never mind opening a whole new can of worms on the security front.
| There is already this wheel in Solaris called logadm - it allows
| pre/post log roll scripts. Having yet another cron job that is just
| there to watch a directory and move the logs is rather inelegant in
| itself - never mind the race condition if the log is still in the
| process of being rolled when it is moved/compressed. You don't have
| to run the scripts as root - you can always su to the correct user
| before running the roll script (if that is really necessary).
Many years ago, I wrote a "logrot" tool for systems lacking a decent
log rotation tool (such as older Solaris systems).
It's even available in pkgsrc as sysutils/logrot.
Per the DESCR:
logrot rotates log files in a safe (almost atomic) manner.
The name of the rotated file and its destination directory
are configurable. Signals may be sent to processes determined
from a pid file, or arbitrary commands may be executed upon
rotation. Optional pre-processing, compression, and post-processing
is supported.
I use it on my NetBSD boxes because I personally can't stand
the .0, .1, ..., .n naming scheme that newsyslog(8) uses.
My crontab has entries like (split here with \ for readability):
# rotate all my normal log files, sending -HUP to syslogd
cd /var/log ; logrot -d old -c auth authpriv cron daemon ftp kern \
local0 local1 local2 local3 local4 local5 local6 local7 lpr mail news \
syslog user uucp
# call an rc.d script to let upslog know the file was rotated
cd /var/log ; logrot -d old -c -N "/etc/rc.d/upslog restart" ups
# rotate squid logs, and mail a report to root after the fact
cd /var/squid/logs ; logrot -d old -s USR1 -w 60 -p /var/run/squid.pid -c \
-B 'case "\%f" in access*) cat "\%f" | calamaris -a | \
mail -s "proxywww cache report" root;; esac' cache access
The tool isn't perfect by any means, but it works for me.
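The rotate, signal, wait, compress sequence that the logrot flags in the crontab entries above (-d, -p, -s, -w) drive, written out as an added portable sh example; this is not logrot's own code. It assumes the log and the destination directory share a filesystem (so mv is an atomic rename) and that the pid file holds a single pid.

```shell
#!/bin/sh
# Added example, not logrot's own code: the rotate -> signal -> wait ->
# compress sequence that the -d/-p/-s/-w flags above drive, in portable sh.
# Assumes LOG and DESTDIR are on the same filesystem (mv is then a rename(2),
# so the step is atomic) and that the pid file holds a single pid.

# rotate_log LOG DESTDIR [PIDFILE] [SIGNAL] [WAIT_SECS]
# Prints the path of the compressed rotated file on success.
rotate_log() {
    log=$1 dest=$2 pidfile=${3:-} sig=${4:-HUP} wait=${5:-0}
    [ -f "$log" ] || { echo "no such log: $log" >&2; return 1; }
    mkdir -p "$dest" || return 1
    rotated="$dest/$(basename "$log").$(date +%Y%m%d%H%M%S)"

    # 1. Rename, never copy-then-truncate: the writer keeps appending to the
    #    old inode until it reopens, so nothing written meanwhile is lost.
    mv "$log" "$rotated" || return 1

    # 2. Recreate the log so a writer that reopens early has a target
    #    (mode and owner of the original are not preserved here).
    : > "$log"

    # 3. Tell the writer to reopen. The pid comes from a file, so validate it:
    #    keep only digits and make sure the process exists before signalling.
    if [ -n "$pidfile" ]; then
        pid=$(head -n 1 "$pidfile" 2>/dev/null | tr -cd '0-9')
        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
            kill -"$sig" "$pid"
        else
            echo "stale or invalid pid file, not signalling: $pidfile" >&2
        fi
    fi

    # 4. Wait (logrot's -w) so in-flight writes land before compressing;
    #    compressing the file immediately is the race the thread warns about.
    sleep "$wait"
    gzip -f "$rotated" || return 1
    echo "$rotated.gz"
}
```

A stale or non-numeric pid file only skips the signal; the rotation itself still completes, so the warning on stderr is the thing to watch for in cron mail.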